House Robot Stabs Tomato to a Pulpy Death

Slack AliceSlogger, Infosecurity Magazine

Sure, we make “SkyNet” jokes all the time in these parts when talk turns to artificial intelligence and robotics. Sometimes I even throw in a Bladerunner reference. But the chuckles died down when news surfaced this week about a popular house robot being hacked to wield a screwdriver and stab violently at a tomato.

The idea of friendly home robot companions is ingrained in popular culture, stretching back to B9 in Lost in Space (“Danger, Will Robinson!”) and Rosie in the Jetsons. It’s a pleasant vision of the future. As IOActive noted in a paper on the hack: “Humanoid robots typically connect better emotionally with humans, since they imitate our behaviors, body parts, and skills, such as walking. The more robots reflect human nature, the greater empathy we feel when interacting with them.”

But what happens when a robot is forced to ignore its programming and goes all Chucky on the fruit bowl? Well that kind of shatters the utopian view.

The future could be now though, which means that we should be looking to secure the robot ecosystem in the same way that all IoT devices need to be secured. Researchers at IOActive noted that the evidence of robots going mainstream is a bit overwhelming, with investments being made in robotic technology in both public and private sectors. To wit:

SoftBank recently received $236 million from Alibaba and Foxconn for its robotics division.

UBTECH Robotics raised $120 million in the past two years.

Factories and businesses in the U.S. added 10% more robots in 2016 than in the previous year.

All of that investment will translate into the development of for-human companions sooner rather than later. And yet, terrifyingly, the little darlings—today’s version of them anyway—are wildly insecure. IOActive tested several robots and found that, while it seems a no-brainer that only valid users should be able to program robots or send them commands, most robots tested exposed one or more services that can be remotely accessed easily.

“We found key robot services that didn’t require a username and password, allowing anyone to remotely access those services,” the firm explained. “In some cases, where services used authentication, it was possible to bypass it, allowing access without a correct password. This is one of the most critical problems we found, allowing anyone to remotely and easily hack the robots.”

This is just insane. I mean, just watch this video—that cute little robot could star in the next Purge movie. Seriously.

But don’t take my word for it that this is a warning sign. There are others who found this programmed vegecide disturbing, at best.

“With the introduction of robots making their way into our homes and in industrial settings, the appeal is to make human lives more efficient,” said Cesare Garlati, chief security strategist at the prpl Foundation, via email. “However, robots present an extreme danger to the public if security is not properly addressed. Many manufacturers and developers are too preoccupied by sales, and rush to get their products to market, with security left as an afterthought. Security should be implemented at the development stages of the production lifecycle. Otherwise, if robots continue to lack the necessary security, they will become a danger to human life.”